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The committee herewith submits to you the enclosed 

bill, H.R upon which the committee 

would appreciate a prompt report, together with such 
comment as you may desire to make. 

Will you kindly transmit your reply in triplicate. 

Respectfully, 
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99th CONGRESS f J Q OOOA 
1st Session ^00%/ 

To amend the Act establishing the National Bureau of Standards to provide for a 
computer security research program wit h i n such Bureau, and to provide for 
the training of Federal employees who are involved in the management, 
operation, and use of automated information processing systems. 


IN THE HOUSE OF REPRESENTATIVES 

June 27, 1985 

Mr. Glickman (for himself, Mr. Fuqua, Mr. Brooks, Mr. Brown of California, 
Mr. Wirth, Mr. Walgren, Mr. Nelson of Florida, Mr. Wyden, Mr. 
Hughes, Mr. Lewis of Florida, and Mr. Horton) introduced the following 
bill; which was referred jointly to the Committees on Science and Technolo- 
gy and Government Operations 


A BILL 

To amend the Act establishing the National Bureau of Stand- 
ards to provide for a computer security research program 
within such Bureau, and to provide for the training of 
Federal employees who are involved in the management, 
operation, and use of automated information processing 
systems. 

1 Be it enacted by the Senate and House of Representa- 

2 tives of the United States of America in Congress assembled, 

3 SECTION 1. SHORT TITLE. 

4 This Act may he cited as the “Computer Security 

5 Research and Training Act of 1985”. 
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1 SEC. 2. FINDINGS. 

2 The Congress finds that — 

3 (1) in recent years the Federal Government has 

4 become highly dependent on automated information 

5 processing systems for carrying out many of its 

6 missions; 

7 (2) the Government operates about 20,000 

8 medium- and large-scale mainframe computers, and by 

9 the end of this decade it will also have approximately 

10 half a million micro- and mini-computers; 

11 (3) the information stored in Government comput- 

12 ers and transmitted over the various communications 

13 networks that connect them represent valued property 

14 that is vulnerable to unauthorized access and disclo- 

15 sure, fraudulent manipulation, and disruption; 

16 (4) studies of computer-related fraud and abuse in 

17 Government agencies indicate a costly and widespread 

18 problem of significant proportions; 

19 (5) Government efforts to address the problems of 

20 computer security have focused on developing hard- 

21 ware and software systems to protect sensitive infor- 

22 mation, ensuring that new computer systems are de- 

23 signed to include security provisions, and requiring 

24 agencies to implement security procedures; and 

25 (6) these efforts must be supplemented if the prob- 

26 lems are to be solved, since the weak link in protecting 
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1 the information stored, processed, and transmitted by 

2 Government computers remains the people who 

3 manage, use, and operate them. 

4 SEC. 3. ESTABLISHMENT OF COMPUTER SECURITY RESEARCH 

5 PROGRAM. 

6 The Act of March 3, 1901 (15 U.S.C. 271-278h), is 

7 amended by redesignating section 18 as section 19, and by 

8 inserting after section 17 the following new section: 

9 “Sec. 18. (a) The National Bureau of Standards shall 

10 establish and conduct a computer security research program 

11 to address the problems of computer security in the Federal 

12 Government, with primary emphasis upon the prevention of 

13 computer-related fraud and abuse through the training of em- 

14 ployees in computer security awareness and good security 

15 practice. 

16 “(b) The program shall — 

“(1) perform research and conduct studies to de- 
termine the nature and extent of computer security 
vulnerability in Federal agencies and their contractors; 

“(2) devise administrative, management, and tech- 
nical procedures and practices designed to protect the 
information stored, processed, and transmitted by 
Government computers; and 

“(3) develop guidelines for use by Federal agen- 
cies in training their employees, and the employees of 
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1 their contractors and of other organizations whose 

2 computers interface with Government computers, in 

3 computer security awareness and good security 

4 practice.”. 

5 SEC. 4. TRAINING BY FEDERAL AGENCIES IN COMPUTER 

6 SECURITY. 

7 (a) In General. — Each Federal agency shall provide 

8 mandatory periodic training in computer security, under the 

9 guidelines developed pursuant to section 18(h)(3) of the Act 

10 of March 3, 1901 (as added by section 3 of this Act), and in 

1 1 accordance with the regulations issued under subsection (c) of 

12 this section, for all of its employees who are involved with 

13 the management, use, or operation of computers or other 

14 automated information systems and for all of the employees 

15 and other personnel of its contractors who are involved with 

16 the management, use, or operation of computers which inter- 

17 face with Government computers. 

18 (b) Training Objectives. — Training under this sec- 

19 tion shall begin within 60 days after the issuance of the regu- 

20 lations described in subsection (c), and shall be designed — 

21 (1) to enhance employees’ awareness of the 

22 threats to and vulnerability of computer and communi- 

23 cations systems; and 

24 (2) to encourage the use of improved computer 

25 security practices at Government facilities. 
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1 (c) Peculations. — Within six months after the date of 

2 the enactment of this Act, the Director of the Office of Per- 

3 sonnel Management shall issue regulations prescribing in 

4 detail the procedures and scope of the training to be provided 

5 by Federal agencies under subsection (a) and the manner in 

6 which such training is to be carried out. 

7 SEC. 5. AUTHORIZATION OF APPROPRIATIONS. 

8 There are hereby authorized to be appropriated to the 

9 National Bureau of Standards for the fiscal year 1987, to 

10 carry out the computer security research program under sec- 

11 tion 18 of the Act of March 3, 1901 (as added by section 3 of 

12 this Act), such sums as may be necessary. 
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